Updated 07-09-01

2nd Annual Defcon Coffee Wars
In our second year, we're back with a caffeine-induced vengeance.  The premise is simple.  You wake up, likely tired and hungover, you bring us your best coffees, and we find out just who has the best coffee of all.  Check it all out at coffeewars.org

New this year:

  • Cooler prizes.
  • Larger supply of of t-shirts and mugs for the populace.
  • Expanded judging categories.
  • Donations of coffee from Innkeeper's Coffee.
  • Free scalding w/ boiling water for any who bring Folgers or Starbucks.
  • Better organization (we've had a year to figure out how to do this right, this time.)
  • Rob Nielsen actually showing up and not dishing the entire event to Jay Dyson.
  • Social Engineering Competition
    The social engineering competition is back... this year's competition will be held by the drunkenwhores.com crew. It will focus mainly on celebrity deception, and harassment of a select few 24 hour help lines... we will try very hard to keep it legal, but still very fun... some of the ideas we are working on right now include the personal cell phones of some of the most popular celebrities of today, and of course the 80's.... Yes, we do have Scott Baio's (Charles in Charge) home number and we are not afraid to call him up and say hello... sign ups will be at the con, and also via e-mail (defcon9_SE@hushmail.com), if the response is a large as we hope the participants will be chosen by a fair method at the con... -Humperdink
    Pinguino's Scavenger Hunt
    The scavenger hunt this year is being run behalf of FLippersmack (project that replaced sysfail) with the help of Kline ezine  (hackcanada) to ensure that there'll always be someone there. Stop by and pick up the rules and enter the contest! Check out the official scavenger web site.
    Defcon 9 radio
    Defcon 9 radio.  Featuring 3500+ listener selected tracks streaming Vorbis through Icecast2.  Users will have the ability
    to vote on what they want to listen to, view who voted for what tracks, and even vote off a song if it sucks.  The track that has the highest # of listeners will be broadcast to an FM frequency so those wandering around or in their hotel rooms can also listen in on what people want to hear. 

    Our wandering reporters will be getting up to the minute reports from people @ the con and updates will be broadcast through the station randomly throughout the day.  Get your scheduling information with D-Update, every hour during scheduled activities.  A few of the lectures will also be available throughout the con through separate streams on the station.

    Assistance needed: For those who have recon capabilities in the area, we need to know what FM broadcasters there are in the area, and preferably like to find a solid frequency that is not currently in use...

    Information can be found prior to defcon @ Hacho.  Sponsored by DMZ Services, Inc.

    The Black & White Ball
    OK, so this year we will have more ambient music (So you can talk to the person next to you) and a bouncer at the door..  Just like al those clubs you hate in LA or NY.  If you don't try to dress up in your finest threads you don't get in.  This is to revers last years trend to people showing up in the same clothing they drove out from California in. 

    Once you get in there will be a bar (for those of you over 21), DJ action, a his / her best dressed contest and some other stuff we haven't thought of yet.

    So what is acceptable to wear?  In the past there have been formal wear, fetish wear, bondage clothing, a prom dress, old zoot suits, and a full "cyber" punk on roller blades with a head mount display.  Anything you want to show off or feel good wearing, basically.

    The DEF CON Shoot

    OK people, this is what you've been waiting for. this page is (of course) still under construction and may change at
    any time up until the moment I leave for vegas for defcon this year. Don't worry, I'm flying, so you have about 1.5 hours notice :)

    For the first time ever, we now finally have a DC-Shoot mailing list! use it to make defcon shoot plans, talk about guns, 2A, gun advocacy, hunting, BBQ recipes, load data, etc... Just send mail to majordomo@23.org with the words subscribe dcshoot in the message body.

    For complete information see the official and up to date DC-Shoot website.

    DJ Action
    P E R F O R M I N G  @  D E F C O N  2 0 0 1
    "The music is abominable" - Winn Schwartau

    Some major changes to the event this year. Due to the fact that Defcon is growing so large we now have to use the DJ room for speakers during the day. As of right now the DJ room will be providing entertainment from 6pm - 6am Friday and Saturday nights only. We had hoped to start Friday evening and go straight through till Sunday, but we need the space for speakers. This is going to limit the number of acts performing this year, but it should be a good party any ways. 

    Big change number two is the format. Traditionally we have had  Industrial/Goth/EBM music on Friday night. This year we are looking to  fill the Friday slot with more live acts during the evening and some good  chillout DJs for the late night. The reason for this is simply, the Industrial/Goth/EBM music really doesn't bring anyone into the room. No point in having a party if no one shows up.

    Go to the Official DEF CON DJ site maintained by twentythree.org to get the band lineup.

    CyberEthical Surfivor: The Game
    Ethics. CyberEthics. Kids. Hackers. And what about those Parents, huh?

    Corporations are ethical, right? … and let’s not forget Government, too!

    Ethics is that gray area between Legal and Illegal…and maybe your personal or corporate ethics are different that his or hers, or of someone from a different country or culture. Yet, we all need to live in the same “Space”. And that’s the whole point of “CyberEthical Surfivor.”  CyberEthical Surfivor is an Interactive Game that pits 18 brave souls on two teams against each other. The object of the Game is to be…duh… the last one standing: A true Surfivor. How you get there is half the fun, but Da Judge (Jennifer Granick) and Da Time Keeper and the D’Audience will be heavily involved in who become the Surfivor! Think:

  • Originality, Creativity, Positivity and Sticking to Time
  • Evolve and Develop a Consistent CyberEthical Profile and Persona That Your Team Mates, Opponents and Audience Will Support Throughout the Game.
  • Strategy? Compete with your team? Want winners or losers on your side? The other side? What does the audience want?
  • AUDIENCE PEOPLE: You get to play, too, by second-guessing and challenging the contestants on stage. You can pick and choose who stays and who goes. Who is the most or least ethical… in your humble opinion? We’ll have roving microphones so you can get your 2-cents in! Wouldn’t want our contestants to feel they’re getting off easy, would we? In fact, you can make their cyberethical lives a tad miserable, if you choose.

    LOSERS: There will be 17 losers, and they will all win something, just for playing. Nothing stupendous, but hey… you lost!

    SIGN UP: Anyone can play. Kids. Spooks, Spies, Hackers, Suits. No age limits (this is a PG/PG-13 Game). 
    Submit your name, affiliation and contact information to the webmaster. We will draw names from a stupid hat at the beginning of the Game, Saturday, July 14, 2001.

    1. $800 donation of ethics books in your name to the educational institution of your choice.
    2. DefCon attendance free for life!
    3. DefCon Jacket 
    4. Bragging Rights
    5. Come back next year to defend your title!

    HOST: Winn Schwartau (www.nicekids.netwww.interpactinc.com, www.infowar.com ) Da Judges: Jennifer Granick, Stanford Law, Chris Goggans, Counterpane, Richard Thieme, Social Commentaryist.

    The DEF CON Movie Channel
    Starting on Friday and running until Sunday evening there will be a DEF CON Movie Channel.  Running on the hotel's closed cable system, people staying at the Alexis Park can turn to this channel to catch up on the history of hacking movies.  As many movies as we can pack in three days that are somehow related to the hacking scene.  See such stinkers as The Net, and such classics as Colossus: The Forbin Project.  Complete schedule to be available at the show.
    NEW: Stevyn from The Iron Feather Journal will be this years VJ.  He will play the movies, provide schedulle updates, sort movies, a few video interviews, and random content when not mannig his booth.
    Capture The Flag Contest Network
    We're changing the rules again, trying for more action, more risk &  more network uptime. 

    Teams: Each team is going to have a color, and should use Ethernet cables of  that color.  ( DT's going to spring for a box of red, white, blue, green, yellow, black and grey. ) Each team will get an SSL client certificate that allows access to the central reporting web site. 

    Current teams are:
    Orange: Digital Revelation
    Green: (don't know the team name)
    Black: Team immunex (contact crispin@ wirex.com if you want to be a hacker on this team)

    mfvsThe targets: The last three IP addresses of each subnet are the target/victim  IP addresses. (That should be a big hint about what to scan) Each team should have at least one machine capable of running vmWare that  they're willing to leave plugged in. VMware has donated some goodies for CTF, and we'll have a license that everybody can use during Defcon.  (There isn't any computer check in this year. Your team has to take care of your target machines). 

    How the game Works: Each team is going to have some lUsers, some Sysadmins & probably a mess of hackers.

  • Sysadmins win by getting the most points from hackers & lUsers.
  • Sysadmins also get points for setting up new OSes. Sysadmins have a couple of options for how to set up hosts. 
  • Grab randomly from a bag of install disks & vmware images up on stage (20 points)
  • Grab pre made vmware images from the bag, (10 points)
  • Bring your own non intel architecture machines (5 points)
  • Bring your own vmware images or premade intel hosts (0 points)

  • Sysadmins get these points after the first lUser report. (So there's some proof that the machine worked).Sysadmins can touch the keyboard to change out services or the whole OS an hour after the first lUser report, when the machine is hacked,  or when a judge takes pity on their fumbling with the install disks. In between setting up the OS & getting hacked, sysadmins are expected to go off & get drunk or watch the con.   Go ahead & watch the console, but don't snipe attackers by hand.

    lUsers win by reporting on the services that that the sysadmins on other teams have set up. 
    lUsers get 2 points for being the first to report on a new service, and 10 points for reporting the highest total. lUsers can re-report on the same service every 3 hours. 

    For each service you find on another team's box, make a connection to the recording web server & report (scale of 1-10, 10 is high) how cool the service is, how hard you think it would be to implement (complexity) risk/ease of hacking.
    So someone who implemented a complete adventure game using forward and reverse lookups on bind4 might get 10,5,7
    Reports from Grey net lUsers don't count but will influence the judges's decisions. 
    Hackers win by putting a file on the root partition of any machine not on their team, then reporting on the hack.
    Hackers win the total number of points given in the lUser reports for that machine,  plus any points the sysadmin may have bet, plus 20 points for the hack. 

    Hackers will rank (scale of 1-10) the ease of the hack, how "risky" the service was, (yes we are setting the lUsers risk evaluation against the hackers) and coolness of the system that they hacked.
    So popping an ancient qpopper that turns out to be running on NT  might be 2,10,8

    Betting: If a team has a positive number of points, the sysadmins can choose to bet points that their machine or service won't be cracked. They have to find someone on the other teams to take that bet & work out the terms between them. The terms should  be written on paper on the wall. Hacking teams can bet points they don't have, they just go into negative points when theyloose. 

    Still with us?

    Here's the order: 
    Green sysadmin grabs a vmware disk from the bag
    Sysadmin fires up the image, tweaks it to run her chosen services/site
    Red luser sees & logs the web site, (+2 points for luser)(plus 10 for sysadmin, since the site is shown to work)
    Red lUser's rates the site for 7,5,2 (+14 to sysadmin)
    Yellow team's luser rates it at 8,5,3 (+16 to sysadmin)
    Yellow Hacker on team 3 roots the box ((30+20)= 50 points for hacker)
    Yellow Hacker rates host as 8,5,3 (+16 to sysadmin)
    So the total is Red =2, Green = 56, Yellow = 50 

    Rules: No coercive force, mickey finns or summoning of elder gods. 
    No attacking the web server or central routers. 
    Lame DOS attacks may cause the judges to disconnect your ethernet link 
    Root partitions must have at least 64k writable. 
    The judges may make changes to keep things moving.  (think "Wait Wait don't tell me" , not the olympics)

    Strategy: If someone else has a cool service that's getting them a lot of points, have the hackers on your team steal it, THEN take them down. Alliances may be profitable. Build cool (and very portable) services in advance. Pleasing the crowd on the grey net may mean you get awarded bonus points.  Getting hacked gives you points & the chance to change out your OS. So it is a valid strategy to put up lots of cool services that get hacked right away. A really cool server that stays up & keeps getting good lUser feedback is equivalent to installing a lot of os's & having them hacked right away. You get points for risky installs, but that costs you time. All of the scoring is tit for tat, not One round prisoners dillema so it makes sense to give people at least average points. Some cool service ideas Don't lock things down so that it can't be hacked, or rely on a back door that nobody will ever scan for. Deception and confusion about where the attacker is or has connected to, but not so much that no one can get past it. (hints are good) Multiple servers interacting Involving spoofing across a switch or router, or client with buffer overflows. Something new with plaintext protocols. (icecast over telnet with a new client) Just plain wrong apps (text mode quake)

    How can you help? There will be a mailing address for ctf up on defcon when the contest rules come up.  As usual, you'll need to bring switches, hubs, 10base T gear, etc. We're also going to need a lot of pre made vmware images & strange intel operating systems to put into the drawing bag , so start scrounging for windows 2.0 If anybody is willing to run book on the contest & offer dollars for points, that would be great.

    In 1997 is was Team SNI, In 1998 it was the Mad Sweedish Hackers, In 1999 it was The Ghetto Hackers, In 2000 It was The Ghetto Hackers / Subterranean Security Group Combo... Who will it be in 2001?

    cDc Announces Peekabooty
    Well, actually they wil talk about it during an hour long Hacktivism panel.  Why be an activist hacker? What are the goals of peekabooty? There will be a Q&A section from the audience as well.
    TCP/IP Drinking Game
    Ask the panel of hackers and security types questions.. if no onecan answer the question, they drink.  You see how this can get interesting quickly?
    DEF CON Goes to the Movies
    A really bad movie, CyberTraq AKA "Catching Kevin" - that really bad stinker based on John Markhoffs book "Take Down" along with some material stolen from John Littmin (They are in cort over it) as well as an interview with Kevin Mitnick that was taken out of context and inserted at the end of the movie with out his permission.  Should be a treat!  French with english subtitles.
    7th Anniversary Haxor Jeopardy
    Hacker Jeopardy is Back!

    Yup… DefCon fans just keep on coming and coming… So, for the 7th year in a row… we play Hacker Jeopardy! 
    It starts, as usual, at 10PM on Friday night for two games where the teams (of up to three people each) fight it out, duke it out and drink it out with questions to our answers.

    You know the Game. Winners win great gifts from Dark Tangent and DefCon. Losers get to drink. All players drink. (>21 Only)
    Hacker Jeopardy is rated Heavy-R, NC-17 and one year it was nearly X. You are warned.

    WE NEED ANSWERS: Please send your ideas for answers (and questions) in groups of 6-7 in a specific category. Sometimes we get a little technical, but not too technical – that’s what the Unix Drinking Game is for. Send them to winns at gte d0t net and we’ll try to build them into the Game.

    WHO CAN PLAY? Most people play pretty lousy… but you can still try. Submit your teams to Dtangent@DefCon.Org and we’ll pick you out of a hat before each Game. One year a secret government group got so drunk, they didn’t answer one question right. That was humiliating. For them.

    AUDIENCE PLAYS: Yup! You get to play, too. 
    DefCon ends up with tons of presents and gifts that we toss out to audience members who come up with the right questions… we got to get rid of all this stuff…one year we gave away a couple dozen Sun workstations! 
     Plus, you can make fun of the contestants on stage. Be rowdy. A little rowdy, not a lot rowdy. Don’t want anyone arrested again for being TOO rowdy. 

    WHEN: Friday, July 13, 2001: 11PM. Rounds One and Two.
    Saturday, July 14, 2001: 11PM Round Three, and then the Final Round, where the winners from the first three Games compete.
    Last Year’s winners can play in Final Round as Team #4, if they choose.

    Spot the FED Contest
    8th ANNUAL SPOT THE FED CONTEST:  The ever popular paranoia builder.  Who IS that person next to you?
    Same Rules, Different year!

    "Like a paranoid version of pin the tail on the donkey, the favorite sport at this gathering of computer hackers and phone phreaks seems to be hunting down real and imagined telephone security and Federal and local law enforcement authorities who the attendees are certain are tracking their every move.. .. Of course, they may be right."
                                                           - John Markhoff, NYT

    Basically the contest goes like this:  If you see some shady MIB (Men in Black) earphone penny loafer sunglass wearing Clint Eastwood to live and die in LA type lurking about, point him out.  Just get my attention and claim out loud you think you have spotted a fed.  The people around at the time will then (I bet) start to discuss the possibility of whether or not a real fed has been spotted.  Once enough people have decided that a fed has been spotted, and the Identified Fed (I.F.) has had a say, and informal vote takes place, and if enough people think it's a true fed, or fed wanna-be, or other nefarious style character, you win a "I spotted the fed!" shirt, and the I.F. gets an "I am the fed!" shirt.

    NOTE TO THE FEDS:  This is all in good fun, and if you survive unmolested and undetected, but would still secretly like an "I am the fed!" shirt to wear around the office or when booting in doors, please contact me when no one is looking and I will take your order(s).  Just think of all the looks of awe you'll generate at work wearing this shirt while you file away all the paperwork you'll have to produce over this convention.  I won't turn in any feds who contact me, they have to be spotted by others.

    DOUBLE SECRET NOTE TO FEDS:  This year I am printing up extra "I am the Fed!" shirts, and will be trading them for coffee mugs,  shirts or baseball hats from your favorite TLA.  If you want to  swap bring along some goodies and we can trade.  Be stealth about it if you don't want people to spot you.  Agents from foreign governments are welcome to trade too, but I gotta work on my mug collection and this is the fastest way.

    The Un-Official DEF CON Jump
    The JUMP is scheduled for July 12th.  All those who want to participate must meet at the front of the Alexis Hotel at promptly 11 am.  You will be responsible for all your own costs and transportation. This activity is not cheap, bring valid plastic.  We will not front you credit.  You need to be at least 18 years old and be able to pass the Jump Masters physical exam.  Those not able to pay, not physically fit, or are under age will not jump, without exception.
    If you plan on participating in this JUMP you must EMAIL me and receive an individual confirmation code.  Those who show up intending to participate but do not have a valid individualized confirmation code can join the other lurkers on the sidelines and cheer us from afar.    No exceptions.
    This JUMP is a Tandem Sky Dive from a perfectly functional aeroplane.  You will be exiting this perfectly functional aeroplane at roughly 2 miles above the safety of terra firma.  If you have already Sky Dived then you know the score.  This is a life endangering event.  If you participate, you do this act at your own risk of injury and/or death.  I don't want anyone later to come crying to me about getting injured or killed.  Nobody is forcing you to do this absolutely insane act.  So you all can bite me if anything goes wrong and you discover only too late that your body does not bounce as well as you might have hoped.  Nobody likes a cry baby anyway.

    Check http://www.atreus.org/ for complete info and to sign up!